when convert string from ASCII to Unicode

The max size of ptn_name is 72, the max size of PartitionNameFromMeta is
36, it will cause the buffer overflow issue if the actual string size of
ptn_name is lager than 36 when covent string form ASCII to Unicore.

AsciiStrToUnicodeStr (img_header_entry[i].ptn_name, PartitionNameFromMeta).

Change-Id: I51d94e415e1f92a65155c01b030a4332ff679947

Calculation of partition count while patching GPT could go
beyond limit. So adds a check to maintain sanity.

Change-Id: I454a044b24a46d2f4a841088231a5ba918861c0b

The size of struct RecoveryMessage is 1088, if the BlockSize is less
than 1088, only checking the message size with BlockSize is not right,
it will cause unlock or lock device fail. So correct the buffer size
check base on the BlockSize.

Change-Id: I7ea3970f2a7f725043e60d122a67f6a5d19f64a8

1. Free the memory before exiting the function with error
2. Set the pointers to NULL after free the memory

Change-Id: I41c1271c26ad78b0865e34fb5b035418c8bc3097

Merge "QcomModulePkg: Use StrnCmp instead of StrCmp and correct the length check" into uefi.lnx.1.0.r26-rel

1. Use StrnCmp instead of StrCmp
2. Correct the string length while doing StrnCpyS and StrnCatS
3. Correct the Sz check

Change-Id: I0980b698bd9e26b75f5ee0dcdd70e3b32095e672

1. ImageBuffer is allocated and has rounded to page. no need to check
the 64bit integer overflow, just need to add the range check to make
sure the image offset doesn't go beyond the kernal size

2. Add integer overflow check

Change-Id: I297a90f3da121ed6debf5102833a33ef5f769f8f

The fdt size must be greater than 0

Change-Id: Ia2af65f50bb2b0df858801d25ea3f85706f0e33e

Reset the partition name check variable for every iteration
to ensure that partition name is properly terminated in the
META image.

Change-Id: Ic55c5ef24a1e10fe472f849a4e0670b5b0bc0d3b

Correct the message size while writing data to device, the type of message
is struct not const string while unlocking or locking device, it will write
a wrong message to device.

Change-Id: I5dea9c00bbb5b75fe3fa7f45b61652e26364ae5d

It's risky to write a buffer to flash memory without checking the
size of input buffer, it maybe access the image buffer which it's
not zero initialized, its content might leak.

Change-Id: I2603fea534ccf895661325a0ac78839c7ddd3fbe

The function maybe doesn't get the right value of BootPthUpdate,
because the BootPtnUpdate is not initialized.

Change-Id: Ic6f204a5713e086c4125bba843fcf90e06d88466

These codes have a risk to access the array index which it's out of
bounds

Change-Id: I90c317d7e28df2255ff0d2d084af8224f49e0952

Add integer overflow checks while flashing sparse, raw image or
downloading data.

Change-Id: Icae7dbd22997f810870d52e5b4d3da2ba9fdfcfe

Check the varlist before using it and correct the string comparison

Change-Id: Ic0e1a1e834c5dfc60d973afc45eef39e96551933

1. Make the FastbootPublishVar with void return because of no one
   check it's return value
2. Optimize the code in GetXfrSize
3. Delete the redundant checking
4. Move the sparse header block size checking out of the for loop
5. Fix the missing static keyword
6. Free the buffer timely

Change-Id: I2a4830e8f25901f732dd41f06f4b2d0a200fe972

The length of the first parameter of AsciiStrToUnicodeStr maybe it's
longer than the second one. It will cause the buffer overflow issue

Change-Id: I9b5b96c1fd05f83ad0d147f852274441868a2b0d

Merge "QcomModulePkg: Correct the array initialization for VerifiedBootMenu" into uefi.lnx.1.0.r26-rel

The array size of ID and StartlineSpace are 4, but they are initialized
with a string which its length is 4.  '\0' is needed for each string array

Change-Id: I59224ccb2868635b009289158db5505d74de4ab0

Exit the function if it's failed to allocate pages
for memory map

Change-Id: I7c6bf5378d78f092a21a2d6b55799563a061cfd7

Correct the cast type of DevInfo in ReadWriteDeviceInfo

Change-Id: I76579fd5a1f0a03a3791f6583626f1b5a6337d32

1. Use an empty string instead of NULL terminator in array
initialization
2. Use "sizeof" for arrays, "AsciiStrlen" is used for char ptr

Change-Id: I2c92216347db6594ad5586e6861f1af9b84e50bd

Add a return value check after calling LocateHandleBuffer, it's
no need to run the remaining code in GetBlkIOHandles if the result
is not EFI_SUCCESS.

Change-Id: I32c8af50e5db734b1702620cf581a10a7bebb900

Add '\0' to the end of array FfbmData without the Sz with BlockSize,
the index maybe out of bounds

Change-Id: I2db51be6d0f0e2f32e2e825857b8eb24a410f2cd

1. Correct the available of input buffer length
2. Correct the input buffer length check, otherwise the pointer of
next input byte maybe access a incorrect address

Change-Id: Id5cc4fe596d50978fa669de5f59a28bb91d4a80b

1. Change the type of function from EFI_STATUS to VOID, as no none
check the return value
2. Remove the extra return value check
3. Correct the string length when doing string alignment

Change-Id: I52ffe56f01527fbf1ac3a2521429b043d4de857b

The length of platform hw string maybe is smaller than the chip
id's length, it will cause the array index out of bounds issue.

Change-Id: I97ff3e7eec4cf7b8cfa37cbe65ef1ce293fcc034

The size maybe is smaller than the image header size or is smaller than
the image header size + total image header entry size, it will go out
of bound of image end. And it's dangerous to access image buffer which
it's not zero initialized, its content might leak.

Change-Id: I401a43f00c7a1bcaa6174ffd36990dd6244899fd

Change-Id: I63250c90e6d4a4346c3de05c646ecbe51b60133b

CRs      Change ID                                   Subject
--------------------------------------------------------------------------------------------------------------
2098978   I54bba5f15a7a54f6c44b2c0a55dee3908e33b705   QcomModulePkg: Remove duplicate stack guard assignment

Change-Id: I4268d61b33ccee0f14c2da620c202d6a8e6e721a
CRs-Fixed: 2098978

After moving Fastboot application to Libarary, there is no need to setup
the stack guard again as Apps bootloader is only single application
(LinuxLoader) calling into multiple libaries for booting into kernel.

Change-Id: I54bba5f15a7a54f6c44b2c0a55dee3908e33b705